Spam evolves - less annoying, but more dangerous

Over the last 3 years, the sort of spam we used to get has essentially disappeared. No, not the tinned food product, but the unsolicited and, quite frankly, irritating e-mails.
However, commercial advertising is still alive and well! (Business-to-business unsolicited e-mail is still legal.)
Laws passed in the USA and Europe have allowed law enforcement to move in swiftly and close down the companies which used to send millions of messages advertising cheap drugs and the like.

Some spam is merely annoying, but it can also be used as a way of harvesting personal details for fraud, otherwise known as phishing.

Sadly, this variety of spam is on the rise, along with e-mails whose sole intent is to trick the recipient into downloading malware.

Here at Digievo, we filter out and delete e-mails for our customers which are clearly identifiable as spam. The percentage of all e-mails which are filtered has grown from around 45% to 60% since 2012.

Unfortunately, the miscreants who send these spam messages evolve their techniques just as quickly as the technology we use to block them.
Years ago, spammers would run their own servers, but as the bulk of spam is now essentially either fraud or malware (an offence under the Computer Misuse Act), they no longer do this.
Instead, they compromise computers belonging to private individuals and use those machines to send the phishing and malware e-mails.
The miscreants will have hundreds to thousands of compromised computers under their control at any one time. This makes filtering spam harder, because every message comes from a different (and otherwise legitimate) sender.

From the mid noughties through to 2012 the content of phishing and malware e-mails remained consistent.
Today, the content is often topical and short-lived. For example, during the first 2 weeks of 2014 almost 50% of phishing e-mails were targeted at owners of new Apple devices.
Thefts of personal information from large internet companies and retailers mean the miscreants have accurate lists of data, and so they are able to send targeted content to specific groups of users.

As companies make more use of cloud solutions and social media to connect with their customers, awareness of phishing and malware is key to keeping everybody safe.

The nightmare scenario with phishing is a company being locked out of its cloud systems or social media accounts. This can be very damaging to a company that relies on social media, as the attackers then often post malware or dodgy content which appears to come from the company.
While these events are indeed criminal, getting the police involved is extremely difficult because such cases are incredibly complex.
Some of the malware doing the rounds is hugely damaging. Cryptolocker and its variants silently install on the attacked computer and encrypt all of the company's files with a key that only the attackers hold, before demanding a ransom.

If this were to happen to you and you were unable to recover from your backup, that data is probably lost forever.

Although anti-virus software should detect the malware, this cannot always be guaranteed. The best protection against malware is the use of a good anti-virus alongside staff training.

As in the previous blog post where I wrote about spam, a number of measures exist which can secure e-mail and alleviate these issues. Sadly, most people still do not implement them.

If you wish to get your e-mail hygiene and security checked out, why not give us a call on 0845 805 4870 or contact us via our website
www.digievo.co.uk



Phishing e-mails from Co-Operative Bank?

Over the last few days we have seen a large volume of e-mails claiming to be from the Co-Operative Bank. They ask the recipient to confirm their banking details for a whole variety of reasons, most recently stating that a transfer is pending which cannot be received until the user confirms their details by clicking a link within the e-mail.

To begin with, these e-mails came from a relatively believable address, co-operative-system.coop-uk.co.uk, but subsequent e-mails have arrived with a sender address at co-operativebank.co.uk, which is the bank's legitimate domain.

These e-mails are 100% fraudulent; they are designed solely to trick the recipient into handing over sensitive banking details, which the fraudsters then use to gain access to the victim's online banking.


If you receive one of these emails, do not respond in any way. Just delete the messages.
Banks do not contact their customers for personal account details via e-mail. If in doubt, call the bank to enquire about your account directly.

For a full technical analysis see below:


The first giveaway that this is a fraudulent e-mail is the link you are asked to click. It claims to take you to the Co-Operative Bank's website but actually leads to http://beirutdiscounts.com, a site that has been hijacked. Thankfully, as of this morning, it displays an error message rather than capturing people's details.
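Checking the links in a message body is something you can automate. The following is an added example (not Digievo's code, nor any tool the post describes): it pulls every anchor out of an HTML e-mail and flags those whose destination is not under the domain the message claims to come from, including the case above where the visible text names the bank's address while the href points at beirutdiscounts.com. The sample body is constructed for the example; only the bank's domain and the beirutdiscounts.com destination come from the post.

```python
"""Link-mismatch check for an HTML e-mail body (added example, not Digievo's code).

Lists every anchor whose destination host is not under a trusted domain, and
says when the visible link text names a trusted domain while the href goes
somewhere else, which is the classic phishing tell."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body in the style the post describes; only the
# beirutdiscounts.com destination and the bank's domain come from the post.
SAMPLE_BODY = """
<p>Dear customer, a transfer is pending. Please
<a href="http://beirutdiscounts.com">confirm your details</a> at
<a href="http://beirutdiscounts.com">www.co-operativebank.co.uk</a>.</p>
<p><a href="https://www.co-operativebank.co.uk/">The Co-operative Bank</a></p>
"""
TRUSTED_DOMAINS = {"co-operativebank.co.uk"}


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for each <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            # Collapse whitespace so "www.example .co.uk" style splits don't hide a host.
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def host_under(host, domain):
    """True if host is domain itself or a subdomain of it (suffix match on a label boundary)."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)


def host_of(text):
    """Hostname from a URL or from a bare domain written as link text ('' if none)."""
    url = text if "://" in text else "//" + text
    try:
        return urlparse(url).hostname or ""
    except ValueError:
        return ""


def suspicious_links(html_body, trusted_domains):
    """Return (href, text, reason) for each clickable anchor that leaves the trusted domains."""
    collector = AnchorCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        if not href:
            continue                     # named anchor, nothing to click
        dest = host_of(href)
        if any(host_under(dest, d) for d in trusted_domains):
            continue                     # genuinely goes to the bank
        shown = host_of(text)
        if any(host_under(shown, d) for d in trusted_domains):
            reason = f"text shows {shown} but the link goes to {dest}"
        else:
            reason = f"link goes to {dest}, which is not a trusted domain"
        findings.append((href, text, reason))
    return findings


if __name__ == "__main__":
    for href, text, reason in suspicious_links(SAMPLE_BODY, TRUSTED_DOMAINS):
        print(f"{text!r} -> {href}: {reason}")
```

On the sample body this reports the two beirutdiscounts.com anchors and passes the genuine bank link. The suffix match in host_under is deliberate: it accepts apps.co-operativebank.co.uk but rejects look-alikes such as co-operativebank.co.uk.evil.example, where the bank's name is only a prefix.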

The e-mail originates from the IP address 122.62.112.4, which is allocated in New Zealand and is therefore highly unlikely to be authorized to send messages on behalf of the Co-Operative Bank:

inetnum:        122.62.0.0 - 122.62.255.255
netname:        PLV-TELECOM-NZ
descr:          Telecom New Zealand Ltd
country:        NZ
admin-c:        IA42-AP
tech-c:         IA42-AP
notify:         nic@netgate.net.nz
mnt-by:         NZTELECOM
changed:        dbk1@netgate.net.nz 20090826
status:         ASSIGNED NON-PORTABLE
source:         APNIC

The most concerning aspect of these phishing e-mails is that they claim to come from the Co-Operative Bank's legitimate domain. Yet if we look at the bank's Sender Policy Framework* (SPF) record, we get the following:

v=spf1 mx:cfs.co.uk a:apps.co-operativebank.co.uk a:applications.co-operativebank.co.uk include:foretelsystems.com -all

The final include term tells the SPF checker to fetch the SPF record for foretelsystems.com and evaluate that as well. Unfortunately, at the time of writing, that domain publishes no SPF record. Under the SPF specification (RFC 7208) an include of a domain with no record is a permanent error, so for a message from an address that matches none of the earlier mx and a terms, evaluation stops at the include and never reaches the -all that should reject it. Many receiving servers treat such a permerror as if no usable policy had been published and deliver the message anyway.
That is what has allowed the fraudsters to send these e-mails purporting to come from the bank's own domain.
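To see exactly how the missing record at the included domain undoes the bank's policy, here is an added example (not Digievo's code) of a minimal SPF evaluator. It runs against a constructed in-memory DNS table rather than live DNS, so the hostnames and addresses in that table are assumptions for illustration; only the SPF record text and the sender IP 122.62.112.4 come from the post. It goes slightly beyond the post by also evaluating a hypothetical repaired table in which foretelsystems.com does publish a record, to show what the bank's -all would have done to the New Zealand sender.

```python
"""Minimal SPF evaluator (added example, not Digievo's code).

Walks an SPF record against an in-memory DNS table so it runs offline, and
implements only what the bank's record needs: the mx, a, include and all
mechanisms, the +/-/~/? qualifiers, and the RFC 7208 rule that including a
domain which publishes no SPF record is a permanent error."""
import ipaddress

# Record text and sender IP exactly as quoted in the post.
BANK_SPF = ("v=spf1 mx:cfs.co.uk a:apps.co-operativebank.co.uk "
            "a:applications.co-operativebank.co.uk include:foretelsystems.com -all")
SENDER_IP = "122.62.112.4"

# Constructed DNS table (hostnames and addresses are assumptions for
# illustration). foretelsystems.com has no TXT entry, mirroring what the
# post found in real DNS.
BROKEN_DNS = {
    "txt": {"co-operativebank.co.uk": BANK_SPF},
    "mx": {"cfs.co.uk": ["mail.cfs.co.uk"]},
    "a": {
        "mail.cfs.co.uk": ["192.0.2.10"],
        "apps.co-operativebank.co.uk": ["192.0.2.20"],
        "applications.co-operativebank.co.uk": ["192.0.2.21"],
    },
}

# The same table once the included domain publishes a record (hypothetical).
FIXED_DNS = {
    "txt": {**BROKEN_DNS["txt"],
            "foretelsystems.com": "v=spf1 a:relay.foretelsystems.com -all"},
    "mx": BROKEN_DNS["mx"],
    "a": {**BROKEN_DNS["a"], "relay.foretelsystems.com": ["198.51.100.5"]},
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def _same_ip(a, b):
    return ipaddress.ip_address(a) == ipaddress.ip_address(b)


def _ip_in_hosts(ip, hosts, dns):
    """True if ip is one of the A records of any host in hosts."""
    return any(_same_ip(ip, addr) for h in hosts for addr in dns["a"].get(h, []))


def check_spf(ip, domain, dns, depth=0):
    """SPF result (pass/fail/softfail/neutral/none/permerror) for a message
    from ip whose envelope sender is at domain."""
    if depth > 10:                       # crude loop guard; RFC 7208 caps DNS-querying terms at 10
        return "permerror"
    record = dns["txt"].get(domain)
    if record is None:
        return "none"                    # domain publishes no SPF record
    for term in record.split()[1:]:      # skip the v=spf1 version tag
        qualifier, mech = "+", term
        if term[0] in QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        name, _, target = mech.partition(":")
        target = target or domain
        if name == "all":
            matched = True
        elif name == "a":
            matched = _ip_in_hosts(ip, [target], dns)
        elif name == "mx":
            matched = _ip_in_hosts(ip, dns["mx"].get(target, []), dns)
        elif name == "include":
            inner = check_spf(ip, target, dns, depth + 1)
            if inner in ("permerror", "temperror"):
                return inner             # errors propagate and stop evaluation
            if inner == "none":          # RFC 7208 s5.2: no record at the
                return "permerror"       # included domain is a permerror
            matched = inner == "pass"    # only an inner pass counts as a match
        else:
            return "permerror"           # mechanism not implemented here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                     # ran off the end with no match


if __name__ == "__main__":
    for label, table in (("as published", BROKEN_DNS), ("with include fixed", FIXED_DNS)):
        print(label, SENDER_IP, "->", check_spf(SENDER_IP, "co-operativebank.co.uk", table))
```

Run the file directly and the two scenarios print permerror and fail respectively: the published record stops at the include and never gets to reject the New Zealand address, while the repaired one rejects it outright. Mail from the bank's own MX host still passes in both cases because the mx term matches before the include is reached, which is why the bank itself would not have noticed anything wrong. To check a real domain, fetch its record with dig +short TXT and walk every include by hand; any include that points at a domain with no v=spf1 record turns the whole policy into a permerror.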

What a sobering thought. A high street bank has failed in its duty to protect its customers.
A simple mistake to make, but it comes with serious consequences for its trusting customers.


*Sender Policy Framework (SPF) is an e-mail validation system. A domain's administrators publish in DNS the list of servers authorized to send mail for that domain, and a receiving server checks the IP address of the connecting server against that list, so it can reject messages which claim to come from the domain but arrive from somewhere else.